Its management interface was locked and I didn’t know the password
Good Fans
For problem 1, the solution was obvious: new fans. It needs two of these:
The OEM parts only seem to exist in odd places now, but the concept is universal and cheap: 5 Volt 40x40x10mm fans. PCs use 12 Volt versions, you have to be careful to get 5V. And match or go under the watts of the existing item. I bought Noctua NF-A4x10 5V fans, with 3-pin connections. This worked fine, except that the original fans’ power connectors appeared to be wired backwards from the new ones. WTF wat. I checked with a voltmeter and yeah.
The helpful Austrians at Noctua anticipated this kind of problem, and sent some solderless, insulation displacement connectors and plenty of adaptors and extension cables. This let me fix the wiring without destroying anything actually connected to the fan. The connectors, the transparent orange thingies flopping around below, work great, but only if you squash them COMPLETELY. My fingies, my hands, and even I’m ashamed to say my teeth, were not sufficient to close them and make a good connection - pliers are a must.
The fans are quiet! One reason they’re quiet is that they’re lower power than the old ones, but with only three Powered Devices attached, I’ve never noticed the switch get hotter than ambient.
A weird thing is that I’m 80% sure the fans blow in opposite directions. The one you can see well in the video is an exhaust fan, but I think the other one blows on the “lee side” of the PoE power supply, so that it isn’t becalmed.
Bad Hax
Anyway, that accomplished, it was time to attempt to gain control. The switch’s model number is Waters Network Systems GSM-2112-POE. Here is its manual. As it arrived, I did not even know its IP address - I tried pinging its factory default, but no dice.
To find what it thought of as its address, I connected to it with an ethernet cable and ran sudo tcpdump -i enp38s0f1 (the latter being the name of my wired ethernet device apparently). This worked, it considered itself 10.216.0.210. I set my laptop up as its neighbor, .209, added a route, and sure enough I could ping it now. Time to telnet!
That’s from their manual - it looks so easy! But the default admin/admin login was not in place. I dejectedly tried passwords like admin, nimda, root, toor, wizard, 12345, qwerty, asdf, zxcv, xyzzy, hunter2, and so on, but alas: nuthin.
I poked around for a telnet password brute-force program, and found Hydra plus a list of the 10k most common passwords. I set it going, but it turned out that the telnet service on the box was not actually reliable enough to brute force very well. Apart from actual failed logins, it would also just disconnect pretty often.
I had noticed that if you fail to log in, it will eventually provide you help:
Please keep the serial number and contact the sales representative !
213-034101000022-1
L2 Managed Switch - GEPoEL2-SW12
Login:
This implies that there’s some way to reset the password over the network, maybe over telnet or maybe with a magic packet of some kind, computed from the serial number? Without anything more specific to go on, I didn’t feel like investigating further. I did try actually contacting sales, but Waters Network Systems’ sales staff did not get back to me despite my polite and complimentary e-mail. All the phone numbers I tried from the web site were disconnected. I tried hard in Google and found a current office for the company in a town called Hayfield: it does seem to exist still, but I was making progress on other fronts so I never did manage to get in touch.
Inside the case are two jumper switches, and on the outside is a Reset button. I thought maybe it would do a factory reset if you cross your eyes, remove one jumper, hold Reset for 22 seconds, and pray to Saint Dunstan (patron saint of locksmiths)? I tried every combination of the jumpers and the button I could think of, but no joy.
The switch runs its management web site on thttpd 2.0.4, which was released in 1998.
But there could still be web app vulnerabilities! Command injection! Arbitrary file reads! That would also be right in style for 1-2 decade old software! Even before I logged in, some of the pages would load skeleton versions with no data. But I was having a heck of a time guessing more than a couple page names, and the manual frustratingly did not show the URL bar on the screen caps. One feeble exception:
At this point, I ordered a USB -> db9 serial cable. I hoped that the console port on the back would give me more privileged access.
My old Asus wireless router was done. Dropped connections, Drawfee constantly interrupted, the black box physically hot all the time. Hardware fault? Crypto miner? Unauthorized host of copyrighted videos and malware? Who could say? I felt the pain, but an excitement was also brewing: A chance to Do It Right, read, obsess, crawl on my belly like a reptile (under the house with Ethernet cable). Yes. r/HomeNetworking shot up the ranking on my new tab screen. (I poked my head briefly into r/homelab before deciding that honestly I do have limits). After a discernment process, I bought a lightly used UniFi ensemble, and the calm blue glow cheered my heart.
I made what I felt were elegant loopies going up to my patch panel.
But what is someone who buys the fanciest system and then… stops? The boring kind of nerd. They have no ambition, only purchasing power from a good job in IT related fields. I thirsted for something more. Something rack-mounted, yeah, and old. Something inscrutable. But something supplying power over Ethernet, because a separate PoE injector is inelegant. And not 100 megabit, hey, even our Comcast is faster than that.
Many fresh faces stared at me from eBay. But too fresh.
BVTech, gadish!
Netgear, at least it’s metal
TRENDnet, entertaining that the status LEDs’ arrangement has no relationship at all to the row of ports
The Cisco Catalyst and HP ProCurve stirred me a little more.
Gigabit is cheap, actually, in the used market, and so is PoE. But the combination is both expensive and bulky. I realized that almost all of the charming ones were a few inches too deep for the tiny network rack I’d bought from a German roboticist in a police station parking lot outside Indianapolis.
Frustrated and increasingly frantic, I returned to the very, very end of my eBay watch list, to a box that had caught my eye a week earlier. Waters Network Systems, you say? Who the heck is that?
A sheet metal office in a Minnesota town literally called Hayfield!
A blue metal case with noisy fans, for $50 OBO. Pulled from a school in Boca Ratón but currently living in Brooklyn. Yes. This is the level of mystery I want in my life. Gigabit, PoE, AND it fit the rack with whole inches to spare. I bought it for $45 plus shipping, and it arrived strong and blue, four days later.
The fans had the shottest bearings I ever did hear.
And the management interface was still password protected. The Reset button wasn’t that kind of reset button. Por favor, get excited to hear how I beat down these obstacles! You can now read part two, in which I fix the fans and don’t quite own the switch, and part three in which I break in!
Hey, I’m switching around my blog hosting. Hopefully if it’s easy to post, I will post more than once every 6 years. And, just in case there’s somehow still someone using Atom to follow this blog, sorry for reposting all that stuff from 2014.
JSON Web
Tokens are “a
compact URL-safe means of representing claims to be transferred between two
parties.” The “claims” are assertions about what’s going on, and they’re
cryptographically signed, either with a shared secret between client and server
or using public key cryptography.
One place they’re being used is in Mozilla’s BadgeKit
API. There, clients of the API have
a shared secret with the server. That secret is used to sign a
statement
of the HTTP path, method, and request body (for POST and PUT requests).
Assuming nothing important happens in the other HTTP headers, this means that
an eavesdropper can only replay the exact HTTP request that the real client
made. This makes it better than simply including unchanging credentials,
because once the credentials are sniffed from the network, they can be reused
to make any request to the server.
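The request binding described above, sketched with only the Python standard library. This is an added example, not code from requests-jwt, PyJWT or BadgeKit; the claim names (method, path, body.hash), the secret and the path are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_request(secret, method, path, body=b""):
    """Client: HS256 JWT whose claims describe exactly one HTTP request."""
    header = {"alg": "HS256", "typ": "JWT"}
    # Claim names are assumptions for this sketch, not a documented format.
    claims = {"method": method, "path": path,
              "body": {"alg": "sha256", "hash": hashlib.sha256(body).hexdigest()}}
    signing_input = ".".join(_b64(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, claims))
    return signing_input + "." + _b64(_mac(secret, signing_input))

def verify_request(secret, token, method, path, body=b""):
    """Server: return "ok", or the reason the request must be rejected."""
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64(head_b64))
        claims = json.loads(_unb64(claims_b64))
        sig = _unb64(sig_b64)
        alg, body_hash = header["alg"], claims["body"]["hash"]
    except (ValueError, TypeError, KeyError):
        return "malformed token"
    if alg != "HS256":  # pin the algorithm; never let the token choose it
        return "unexpected alg"
    if not hmac.compare_digest(sig, _mac(secret, f"{head_b64}.{claims_b64}")):
        return "bad signature"
    # Signature is valid: now bind the claims to the request actually received.
    if claims.get("method") != method or claims.get("path") != path:
        return "signed for a different request"
    if body_hash != hashlib.sha256(body).hexdigest():
        return "body does not match signed hash"
    return "ok"

# Constructed sample values, not taken from any real deployment.
SECRET, BODY = b"superSekr3t", b'{"name": "Example badge"}'
TOKEN = sign_request(SECRET, "POST", "/systems/demo/badges", BODY)

if __name__ == "__main__":
    for m, b in (("POST", BODY), ("DELETE", BODY), ("POST", b"{}")):
        print(m, verify_request(SECRET, TOKEN, m, "/systems/demo/badges", b))
```

The claims carry no expiry or nonce, so the identical request still verifies when it is replayed; only a changed method, path or body is refused.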
Unfortunately, JSON Web Tokens are fiddly to assemble. There is a good
implementation for Python called PyJWT
(PyPI). However, to use it with Kenneth
Reitz’s immortal work, requests, one must write a
custom authentication plugin. Well, I’ve done that! Yay! The code is on
GitHub, and on PyPI as
requests-jwt. The
documentation is on Read the Docs.
    import requests
    from requests_jwt import JWTAuth, payload_method

    auth = JWTAuth('superSekr3t')
    auth.add_field(payload_method)
    # ... other claims/payloads
    resp = requests.get('http://auth-required.example.com/', auth=auth)
At a previous job, I worked a lot with Matlab. This was in 2010, before
Matlab had any testing tools included, and the best testing tool was
Steve Eddins’ Matlab xUnit package.
I loved (and love) the Python doctest module: it’s both a clever
hack and a very useful tool. I decided to make a version of it for
Matlab.
Matlab isn’t the kind of language that lets you really control the
namespace of the code that is running. Python, for instance, has a
nearly empty namespace by default when you run code in a separate file.
R has similar capabilities, although (for me) they are clunkier to use.
But, unless you explicitly make some code a function, Matlab runs it
more like a script, sharing the namespace of whatever code calls it.
This makes ‘doctest’ a tricky concept to implement - either you have to
manipulate the documentation strings into functions, or else control the
available variables very carefully.
I chose the latter route, ending up with this hilarious test-running
method.
I wrote it normally, and then renamed all the variables, from
example_var to DOCTEST__example_var. So, the test code isn’t
actually isolated, but at least it should never modify the test-running
function’s state accidentally. I think, given the limitations of the
language, that’s the best I could do. And it was useful. And check out
the doctest on that method! Heheheh.
Anyway, the reason this comes up today is that I haven’t worked at a job
with a Matlab license for several years. And GNU Octave, while probably
useful for number crunching, lacks a lot of Matlab’s finer points,
including its classdef classes. So I basically haven’t worked on it
at all for 3 years.
But hey good news, Open Source! Mr Paul
Sexton has offered to take over
maintainership! I
accept. That’s nice.
He’s already made some changes that make the code runnable on modern
Matlab versions, showing the value of having a maintainer who can at
least run the code. I’m glad, and excited to see where he takes the
project! Even if it’s just keeping it runnable, I expect that a few
people will benefit. Good!
As an aside, I’m on the lookout for my next numeric language. I’ve had
success with NumPy and Pandas, but I’ve also heard nice things about
Julia. I was thinking about making doctests my first practice project
in Julia, but actually, Julia doesn’t even support docstrings. Its
builtins have text that’s associated with them, that shows up in
help("blah"), but there’s currently no
way to do that for your
own code. That seems really important to me. I’ll probably stick with
Python for my next vectorized-math project, though I continue to follow
Julia now and then.
At one of my jobs, I’m working with d3.js to develop
visualizations of scholarly data, such as article citations and co-authorships.
I’m not ready to show off that work yet, but I got a bee in my bonnet to make
some useless/pretty pictures. The main inspiration was gmunk’s work on
TRON - SO NICE.
My work obviously does not compare, but it’s been fun to try things with a
playful attitude.
Incidentally, Mike Bostock’s bl.ocks.org is both handy
and a cute use of gists.